Downloading Users and User Groups On-Demand.

Realms establish connections between the ASA FirePOWER module and the servers targeted for monitoring. They specify the connection settings and authentication filter settings for the server. Realms can:

- specify the users and user groups whose activity you want to monitor.
- allow you to query the server for user metadata on authoritative users.

You can add multiple servers as directories within a realm, but they must share the same basic realm information. The directories within a realm must be exclusively LDAP or exclusively AD servers. After you enable a realm, your saved changes take effect next time the ASA FirePOWER module queries the server.

To perform user awareness, you must configure a realm for any of the supported server types. The module uses these connections to query the servers for data associated with POP3 and IMAP users. The module uses the email addresses in POP3 and IMAP logins to correlate with LDAP users on an Active Directory, OpenLDAP, or Oracle Directory Server Enterprise Edition server. For example, if a device detects a POP3 login for a user with the same email address as an LDAP user, the module associates the LDAP user's metadata with that user.

To perform user access control, you can configure the following:

- a realm for an AD server configured for either a User Agent or ISE device.
- a realm for an Oracle or OpenLDAP server configured for captive portal.

If you configure a realm to download users (for user awareness or user control), the ASA FirePOWER module regularly queries the server to obtain metadata for new and updated users whose activity was detected since the last query. User activity data is stored in the user activity database and user identity data is stored in the users database.

The maximum number of users you can store and use in access control depends on your device model. When choosing which users and groups to include, make sure the total number of users is less than your model limit. If your access control parameters are too broad, the ASA FirePOWER module obtains information on as many users as it can and reports the number of users it failed to retrieve in the task queue.

If you notice unexpected server connection behavior, consider tuning your realm configuration, device settings, or server settings.

User timeouts are occurring at unexpected times

If you notice the system performing user timeouts at unexpected intervals, confirm that the time on your User Agent or ISE device is synchronized with the time on the ASA FirePOWER module. If the appliances are not synchronized, the system may perform user timeouts at unexpected intervals.

Users are not included or excluded as specified in your realm configuration

If you configure a realm for an Active Directory server that includes or excludes users who are members of a secondary group on your Active Directory server, your server may be limiting the number of users it reports. By default, Active Directory servers limit the number of users they report from secondary groups.